DEV Community

loading...

Why can't browsers natively handle cookie consent?

camdenclark profile image Camden Clark ・2 min read

With the implementation of GDPR and CCPA, every website has to have their own half-baked implementation of a cookie consent banner. For the uninitiated, these are the banners that appear at the bottom of webpages that say "Accept Cookies" or "Decline". These banners can sometimes take up half the viewport or not be responsive on mobile. Moreover, it's really common that these banners often have serious accessibility issues that might make them non-compliant.

There should be a better way.

What if browsers could have a similar native UX implementation for cookie consent as with getting access to the microphone, for example? The user experience I'm thinking about here is as follows: the user would be prompted in the browser context whether or not to allow access to cookies when navigating to a webpage. There's a lot of room in the design space here to make sure that the user is in control while minimizing the damage to the user experience on the web.

Before I get in to a few roadblocks I see, there could be ongoing work in this space, but some googling didn't help me here. If it's not being worked on, there's probably a few other reasons this hasn't been done yet (this is just a random thought I had), so please leave a comment if I've missed something.

Roadblock 1: Old browser versions

This is inevitably a huge roadblock. But we already have a bad patchwork of implementations, so it seems like that damage has been done here. Why not try to move towards a better standard?

Roadblock 2: Not granular enough

It's probable that a cookie interface for the browser wouldn't be granular enough to support all use cases (say, missing different levels of cookies to opt-in to). But, again, I think websites that want to support use cases outside of regulatory frameworks should probably implement their own interfaces. Getting 95% of the way there seems worth it.

Roadblock 3: Regulatory patchwork

This is probably the main roadblock for the near future. A lot of these laws are in their infancy, and many jurisdictions are considering their regulatory frameworks on data privacy right now.

This could be totally naive, but this could actually be an argument for writing a standard now. If there's a consistent standard that gets negotiated with all parties at the table, it would be way easier to lobby governments across the world that they should write regulation that matches the standard.

I'll just reiterate: I'm not super familiar with this area or what ongoing work or discussions have been had in the past here. Just sketching out some thoughts I had and found it difficult to find any information about decisions in this space.

Thanks for reading!

Discussion (4)

pic
Editor guide
Collapse
aahnik profile image
Aahnik Daw

Great idea. I believe this should be done.

Collapse
euperia profile image
Andrew McCombe

It's the legal responsibility of the website owner to ensure cookie legislation is acquired from the visitor and not the browser vendor.

Moving this to the browser is impractical due to the sheer number of browsers and versions.

Collapse
clarkey87 profile image
Clarkey87

Sheer number of browsers and versions? If you take the latest version of each, it must be about 50 max (see en.wikipedia.org/wiki/List_of_web_...) - vs the sheer number of websites (millions if not billions) going about this their own way with their own interpretation of the law(s)... Feels like putting it at browser level is by far the most sensible option - they can enforce the rules that way, and make sure that websites are compliant.

Collapse
niorad profile image
Antonio Radovcic

One of the reasons may be those super complicated tables of cookies you can allow or deny. A browser couldn’t handle those natively. Also there could be lots of potential of misuse. I‘d rather see that website stop using the unnecessary cookies in the first place, so they wouldn’t need those overlays at all.